HP-UX Reference (11i v3 07/02) - 4 File Formats (vol 8)
compartments(4)
access. Rules of this type can be either subject-centric or object-centric. Two formats are available for IPC
rules.
The first form of IPC rules controls process communication and uses the following format:
(grant|access) (pty|fifo|uxsock|ipc) compartment_name
where the values are defined as follows:
grant Allows processes in the compartment compartment_name to access the specified IPC
mechanism in this compartment. This keyword specifies an object-centric rule.
access Allows processes in this compartment to access the specified IPC mechanism in
compartment compartment_name. This keyword specifies a subject-centric rule.
pty Applies to terminals (ptys and ttys) that are used to communicate between processes.
Note that these rules are applied in addition to any file system rules that control the
path name representing the terminal. Normally terminals do not have any
compartment until a process opens them. When a terminal without a compartment ID is
opened, its compartment is set to that of the process that opened it. When all open file
handles to the terminal are closed, the terminal's compartment ID is unset.
fifo Applies to named pipes (FIFOs) that are used to communicate between processes. Note
that these rules are applied in addition to any file system rules that control the path
name representing the named pipe. Initially a FIFO has no compartment. When a
process opens the FIFO for the first time, its compartment is set to that of the process.
When all processes close the FIFO, its compartment is unset.
uxsock Applies to UNIX domain sockets that are used to communicate between processes. Note
that these rules are applied in addition to any file system rules that control the path
name representing the socket. As with FIFOs, initially a UNIX socket has no
compartment. When a process opens the UNIX domain socket for the first time, its
compartment is set to that of the process. When all processes close the UNIX domain
socket, its compartment is unset.
ipc Applies to the following IPC mechanisms: System V shared memory (for example,
created using shmget()), System V and POSIX semaphores (for example, created
using semget() or sem_open()), and System V and POSIX message queues (for
example, created using msgget() or mq_open()). When an IPC object is created, its
compartment is set to that of the process that created it. POSIX shared memory is
implemented as standard files; hence, POSIX shared memory obeys file system rules,
but not ipc rules.
compartment_name
Name of the other compartment with which a process in this compartment can
communicate.
The second form of IPC rules governs process visibility and uses the following format:
(send|receive) signal compartment_name
where the values are defined as follows:
send Allows a process in this compartment to view or access processes in compartment_name.
This keyword specifies a subject-centric rule.
receive Allows a process in compartment_name to view or access processes in this compartment.
This keyword specifies an object-centric rule.
signal Identifies this as a signal IPC rule. Even though the rule uses the keyword signal, in
reality it controls all aspects of process visibility, not only signal delivery. For example,
the output of the ps command reflects the process visibility restrictions set using this rule.
compartment_name
Name of the other compartment whose processes a process in this compartment can view
(send), or from which processes in this compartment can be viewed (receive).
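The following is an added example, not HP-UX code and not part of this manual page. It parses both IPC rule forms described above, normalizes each rule to a (subject, mechanism, object) triple so that a subject-centric rule in one compartment and the equivalent object-centric rule in the other compartment evaluate the same way, and models the first-opener rule for ptys, FIFOs and UNIX domain sockets. The rule set, the compartment names web, db and log, and the grouping of rule lines by compartment are constructed for the example; the surrounding rule-file syntax (compartment blocks, comments, file system and network rules) is not shown in this excerpt and is not parsed here. The assumption that a process can always reach objects of its own compartment is the example's own.

```python
"""Evaluate the two compartments(4) IPC rule forms against a constructed rule set.

Added example, not HP-UX code.  Only the two IPC rule formats shown on the
page are parsed; any other line is ignored.
"""
import re

# First form: (grant|access) (pty|fifo|uxsock|ipc) compartment_name
FORM1 = re.compile(r"^(grant|access)\s+(pty|fifo|uxsock|ipc)\s+(\w+)$")
# Second form: (send|receive) signal compartment_name
FORM2 = re.compile(r"^(send|receive)\s+signal\s+(\w+)$")


def parse_ipc_rule(this_compartment, line):
    """Return (subject, mechanism, object) for one rule line, or None if it is not an IPC rule.

    access/send are subject-centric: "this compartment" is the subject.
    grant/receive are object-centric: "this compartment" is the object.
    """
    line = line.strip()
    m = FORM1.match(line)
    if m:
        keyword, mechanism, other = m.groups()
        subject_centric = keyword == "access"
    else:
        m = FORM2.match(line)
        if not m:
            return None
        keyword, other = m.groups()
        mechanism = "signal"
        subject_centric = keyword == "send"
    if subject_centric:
        return (this_compartment, mechanism, other)
    return (other, mechanism, this_compartment)


class IpcPolicy:
    """Set of allowed (subject, mechanism, object) triples derived from all rules."""

    def __init__(self, rules_by_compartment):
        self.allowed = set()
        for cmpt, lines in rules_by_compartment.items():
            for line in lines:
                triple = parse_ipc_rule(cmpt, line)
                if triple is not None:
                    self.allowed.add(triple)

    def allows(self, subject, mechanism, obj):
        # Assumption (not stated on the page): a compartment always reaches its own objects.
        return subject == obj or (subject, mechanism, obj) in self.allowed


class NamedIpcObject:
    """A pty, FIFO or UNIX domain socket: no compartment until first opened, then the
    first opener's compartment, cleared again when the last handle closes."""

    def __init__(self, mechanism):
        assert mechanism in ("pty", "fifo", "uxsock")
        self.mechanism = mechanism
        self.compartment = None
        self.open_handles = 0

    def open(self, policy, proc_compartment):
        if self.compartment is None:
            self.compartment = proc_compartment  # first open tags the object
        elif not policy.allows(proc_compartment, self.mechanism, self.compartment):
            raise PermissionError(
                f"{proc_compartment} may not open {self.mechanism} in {self.compartment}")
        self.open_handles += 1

    def close(self):
        self.open_handles -= 1
        if self.open_handles == 0:
            self.compartment = None  # last close unsets the compartment


# Constructed rule set: web may open FIFOs in db and see db processes (subject-centric);
# db lets web reach its UNIX sockets (object-centric); log has no IPC rules at all.
RULES = {
    "web": ["access fifo db", "send signal db"],
    "db": ["grant uxsock web"],
    "log": [],
}
POLICY = IpcPolicy(RULES)


def fifo_scenario():
    """Open order decides which compartment a FIFO belongs to.

    Returns (owner while open, compartments admitted, compartment after last close).
    """
    fifo = NamedIpcObject("fifo")
    admitted = []
    for cmpt in ("db", "web", "log"):
        try:
            fifo.open(POLICY, cmpt)
            admitted.append(cmpt)
        except PermissionError:
            pass
    owner = fifo.compartment
    for _ in admitted:
        fifo.close()
    return owner, admitted, fifo.compartment


if __name__ == "__main__":
    print(POLICY.allows("web", "fifo", "db"), POLICY.allows("db", "fifo", "web"))
    print(fifo_scenario())
```

Note that in fifo_scenario the FIFO ends up in db only because a db process opened it first; had a log process opened it first, web would have been refused, since web has no rule towards log. That ordering dependence is why the page stresses that these IPC rules apply in addition to the file system rules on the path name.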
Network Rules
Network rules control access between a process and a network interface, as well as between two processes
using loopback communications. These rules control the direction of network traffic (incoming, outgoing, or
both) between the subject compartment and the target compartment specified in the rule. For loopback
HP-UX 11i Version 3: February 2007 − 3 − Hewlett-Packard Company 59